Cisco 7960 VoIP behind ASA 5510 not recieving calls, but can make calls

I have an interesting problem with our ASA 5510. We have a few Cisco 7960 VoIP phones which can make calls but are unable to receive calls after a few hours.

My thought was that the ASA was causing an issue with SYN/ACK messages coming from the phones and being denied due to no matching SYN and causing half open connections on the phones until the phone can no longer receive any new connections. I've seen this happen in the logs before.

this was "fixed" with:
service resetinbound interface outside
service resetinbound interface inside

However, I'm not seeing any denied SYN/ACK messages now and the phones are having this issue. The only way I know to temporarily resolve it is to re-enter the dynamic nat configuration, and then the phones begin to work again.

The phones are configured for SIP, and are using our ISPs IPBX to register.
[Phone]---->[ASA]-------->[ISP IPBX]

I've attached the ASA config. If anyone has any input on this, it will be greatly appreciated.


aaronhebertAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

 
aaronhebertAuthor Commented:
ran debug sip and found the following message

SIP::Unable to open pinhole for NOTIFY message from 192.168.26.20 to 192.168.26.20/50195
0
 
kunalpatelCommented:
Dont you have to run the phone-proxy for this to work ??

Check this out

https://supportforums.cisco.com/docs/DOC-5704

Cheers

Kunal
0
 
aaronhebertAuthor Commented:
Found out that inspecting SIP on ASAs will cause this issue.

Resolution:
Do not inspect SIP. Perform QoS based on Expedited Forward value.

From the IP header:
Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding; ECN: 0x00)

This problem exists because we use multiple VoIP vendors. Linksys and Cisco. Each use their own protocols. Cisco uses RTP over UDP, and Linksys uses straight UDP without any further encapsulation. matching for QoS by DSCP field has resolved this issue.
priority-queue outside
priority-queue inside
!
class-map global-voice-class
 match dscp ef
!
policy-map global-voice-policy
 class global-voice-class
  priority
!
service-policy global-voice-policy global

Open in new window

0

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
 
aaronhebertAuthor Commented:
issue resolved
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.